Answered by:
windows 10 1607 ,cannot apply windows update policy

Question
-
Hello everyone,
i have windows server 2008R2 and windows 10 1607, created GPO and configured automatic updates. open windows 10 and run gpupdate /force, open windows updates the policy not applied. i also configured WSUS, the client not registered in WSUS.
this is a test lab
any ideas for this?
- Moved by Amy Wang_ Friday, March 17, 2017 1:33 AM from RDS forum
Thursday, March 16, 2017 2:42 PM
Answers
-
Hi islam mohaned Hussein,
1. Please check if the win10 1607 clients are included in the GPO OU;
2. After run gpupdate /force on the clients, also run gpresult /h C:\report.html to check the apply result;
3. To enable clients register in WSUS server, we need to ensure the GPO is configured and applied correctly, and the port is allowed in firewall, if all the things are correct while they still not show up in WSUS console, we may reset SUSClientID on clients:
Reset SusClientId:
1). In cmd, net stop wuauserv2). Delete the value in registry key " SusClientId " and "SusClientIDValidation" locates in:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
3). In cmd, net start wuauserv
wuauclt.exe /resetauthorization /detectnowBest Regards,
Anne
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Proposed as answer by Anne HeMicrosoft contingent staff Thursday, March 23, 2017 3:26 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 8:22 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:23 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 11:27 AM
Friday, March 17, 2017 6:26 AM -
Am 16.03.2017 schrieb awbruso6:
i have windows server 2008R2 and windows 10 1607, created GPO and configured automatic updates. open windows 10 and run gpupdate /force, open windows updates the policy not applied. i also configured WSUS, the client not registered in WSUS.
Bring your WSUS up2date:
WSUS 3.0 (SP2): Build 3.2.7600.226
WSUS 3.0 (SP2) + KB2720211: Build 3.2.7600.251
WSUS 3.0 (SP2) + KB2734608: Build 3.2.7600.256
WSUS 3.0 (SP2) + KB2828185: Build 3.2.7600.262
WSUS 3.0 (SP2) + KB2938066: Build 3.2.7600.274For W10 1607 you need a third WSUS Entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
UpdateServiceUrlAlternate
You can find this settings in the latest WU-ADM Templates.
Winfried
WSUS Package Publisher: http://wsuspackagepublisher.codeplex.com/
http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
http://www.wsuswiki.com/Home- Marked as answer by islam mhmd Thursday, March 23, 2017 11:27 AM
Friday, March 17, 2017 4:56 PM -
Am 18.03.2017 schrieb islam mohamed hussein:
The windows 10 client already included in the GPO OU. the gpresult shows that the windows update policy applied. but, when open the policy in local group policy console of client shows the policy not configured
GPEDIT.MSC shows only Settings, if they modified IN gpedit.msc.
Settings made with GPMC.MSC you don't see with GPEDIT.MSC.Winfried
WSUS Package Publisher: http://wsuspackagepublisher.codeplex.com/
http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
http://www.wsuswiki.com/Home- Proposed as answer by Anne HeMicrosoft contingent staff Thursday, March 23, 2017 3:26 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 8:21 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:23 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 11:26 AM
Saturday, March 18, 2017 10:44 PM -
The windows 10 client already included in the GPO OU. the gpresult shows that the windows update policy applied. but, when open the policy in local group policy console of client shows the policy not configured
Hi islam,
The GPO will not reflect in the local group policy, after applying the GPO, it will modify the registry keys in clients, please check HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, check the WUServer and WUStatusServer URL is correct:
By the way, is your WSUS server 2008R2? If yes, you need to upgrade your WSUS server to WSUS 4.0 or WSUS 2016, WSUS 2008R2 do not support windows 10 1607 clients, it only support the minimal updates for windows 10.
What's more, if you WSUS is 4.0 or higher, the registry settings are correct, while the clients still not show up, please reset SUSClientID, check the result.
Best Regards,
Anne
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Edited by Anne HeMicrosoft contingent staff Monday, March 20, 2017 6:45 AM
- Proposed as answer by Anne HeMicrosoft contingent staff Thursday, March 23, 2017 3:27 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 8:21 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:22 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 11:26 AM
Monday, March 20, 2017 6:42 AM -
Hi islam mhmd,
Actually, on windows 10 1607, no matter what AU options we set, it will download updates automatically as soon as it detect windows updates.
After applying the policy, the windows update panel will like this:
It is different from the pervious OS. If you want to disable clients to update from Internet, we use GPO "Turn off access to all windows update feature" in Computer configuration/Administrative Templates/System/Internet Communication Management. Then, run gpupdate /force on clients, the check online option will be hidden:
Best Regards,
Anne
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Marked as answer by islam mhmd Thursday, March 23, 2017 11:17 AM
Thursday, March 23, 2017 9:03 AM
All replies
-
Hi islam mohaned Hussein,
1. Please check if the win10 1607 clients are included in the GPO OU;
2. After run gpupdate /force on the clients, also run gpresult /h C:\report.html to check the apply result;
3. To enable clients register in WSUS server, we need to ensure the GPO is configured and applied correctly, and the port is allowed in firewall, if all the things are correct while they still not show up in WSUS console, we may reset SUSClientID on clients:
Reset SusClientId:
1). In cmd, net stop wuauserv2). Delete the value in registry key " SusClientId " and "SusClientIDValidation" locates in:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
3). In cmd, net start wuauserv
wuauclt.exe /resetauthorization /detectnowBest Regards,
Anne
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Proposed as answer by Anne HeMicrosoft contingent staff Thursday, March 23, 2017 3:26 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 8:22 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:23 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 11:27 AM
Friday, March 17, 2017 6:26 AM -
Am 16.03.2017 schrieb awbruso6:
i have windows server 2008R2 and windows 10 1607, created GPO and configured automatic updates. open windows 10 and run gpupdate /force, open windows updates the policy not applied. i also configured WSUS, the client not registered in WSUS.
Bring your WSUS up2date:
WSUS 3.0 (SP2): Build 3.2.7600.226
WSUS 3.0 (SP2) + KB2720211: Build 3.2.7600.251
WSUS 3.0 (SP2) + KB2734608: Build 3.2.7600.256
WSUS 3.0 (SP2) + KB2828185: Build 3.2.7600.262
WSUS 3.0 (SP2) + KB2938066: Build 3.2.7600.274For W10 1607 you need a third WSUS Entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
UpdateServiceUrlAlternate
You can find this settings in the latest WU-ADM Templates.
Winfried
WSUS Package Publisher: http://wsuspackagepublisher.codeplex.com/
http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
http://www.wsuswiki.com/Home- Marked as answer by islam mhmd Thursday, March 23, 2017 11:27 AM
Friday, March 17, 2017 4:56 PM -
The windows 10 client already included in the GPO OU. the gpresult shows that the windows update policy applied. but, when open the policy in local group policy console of client shows the policy not configuredSaturday, March 18, 2017 7:47 PM
-
Am 18.03.2017 schrieb islam mohamed hussein:
The windows 10 client already included in the GPO OU. the gpresult shows that the windows update policy applied. but, when open the policy in local group policy console of client shows the policy not configured
GPEDIT.MSC shows only Settings, if they modified IN gpedit.msc.
Settings made with GPMC.MSC you don't see with GPEDIT.MSC.Winfried
WSUS Package Publisher: http://wsuspackagepublisher.codeplex.com/
http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
http://www.wsuswiki.com/Home- Proposed as answer by Anne HeMicrosoft contingent staff Thursday, March 23, 2017 3:26 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 8:21 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:23 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 11:26 AM
Saturday, March 18, 2017 10:44 PM -
For W10 1607 you need a third WSUS Entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
UpdateServiceUrlAlternate
Following the path ,don't find "updateserviceurlalternate"
Sunday, March 19, 2017 2:42 PM -
Am 19.03.2017 schrieb islam mohamed hussein:
For W10 1607 you need a third WSUS Entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
UpdateServiceUrlAlternate
Following the path ,don't find "updateserviceurlalternate"If there isn't the third entry, create a new one.
Winfried
WSUS Package Publisher: http://wsuspackagepublisher.codeplex.com/
http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
http://www.wsuswiki.com/Home- Marked as answer by islam mhmd Thursday, March 23, 2017 8:21 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:22 AM
Sunday, March 19, 2017 8:19 PM -
The windows 10 client already included in the GPO OU. the gpresult shows that the windows update policy applied. but, when open the policy in local group policy console of client shows the policy not configured
Hi islam,
The GPO will not reflect in the local group policy, after applying the GPO, it will modify the registry keys in clients, please check HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, check the WUServer and WUStatusServer URL is correct:
By the way, is your WSUS server 2008R2? If yes, you need to upgrade your WSUS server to WSUS 4.0 or WSUS 2016, WSUS 2008R2 do not support windows 10 1607 clients, it only support the minimal updates for windows 10.
What's more, if you WSUS is 4.0 or higher, the registry settings are correct, while the clients still not show up, please reset SUSClientID, check the result.
Best Regards,
Anne
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Edited by Anne HeMicrosoft contingent staff Monday, March 20, 2017 6:45 AM
- Proposed as answer by Anne HeMicrosoft contingent staff Thursday, March 23, 2017 3:27 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 8:21 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:22 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 11:26 AM
Monday, March 20, 2017 6:42 AM -
The client is registered in wsus ,but the client still can search for updates online and change update settingsTuesday, March 21, 2017 9:12 AM
-
The client is registered in wsus ,but the client still can search for updates online and change update settings
Hi,
Then, what is your detailed requirement now? Seems the original questions in your original post has been solved, is it?
Best Regards,
Anne
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Marked as answer by islam mhmd Thursday, March 23, 2017 8:21 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:21 AM
- Marked as answer by islam mhmd Thursday, March 23, 2017 8:22 AM
- Unmarked as answer by islam mhmd Thursday, March 23, 2017 8:22 AM
Thursday, March 23, 2017 3:26 AM -
Hi,
Then, what is your detailed requirement now? Seems the original questions in your original post has been solved, is it?
Best Regards,
Anne
I mean in previous version of windows 10, When i open windows update setting dimmed "managed by your organization". but with version 1607 not dimmed
Thursday, March 23, 2017 8:26 AM -
Hi islam mhmd,
Actually, on windows 10 1607, no matter what AU options we set, it will download updates automatically as soon as it detect windows updates.
After applying the policy, the windows update panel will like this:
It is different from the pervious OS. If you want to disable clients to update from Internet, we use GPO "Turn off access to all windows update feature" in Computer configuration/Administrative Templates/System/Internet Communication Management. Then, run gpupdate /force on clients, the check online option will be hidden:
Best Regards,
Anne
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Marked as answer by islam mhmd Thursday, March 23, 2017 11:17 AM
Thursday, March 23, 2017 9:03 AM -
Thanks for your help AnneThursday, March 23, 2017 11:18 AM